[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: R41 in draft-ietf-v6ops-cpe-simple-security-07

To: Mohacsi Janos <mohacsi@niif.hu>
Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 28 Jul 2009 19:37:53 +0200
Cc: Yaron Sheffer <yaronf@checkpoint.com>, james woodyatt <jhw@apple.com>, IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <alpine.BSF.2.00.0907281919160.19142@mignon.ki.iif.hu>
References: <20090727184501.933F83A6CE4@core3.amsl.com> <56A1905B-54B8-43AA-9AC4-55F46C2FC4B0@apple.com> <029CBD08-5A79-44C2-8490-E63AF783E3B7@muada.com> <7F9A6D26EB51614FBF9F81C0DA4CFEC80133E557C9BA@il-ex01.ad.checkpoint.com> <CA300806-CBF4-4210-B320-A7065E86E116@muada.com> <alpine.BSF.2.00.0907281919160.19142@mignon.ki.iif.hu>

On 28 jul 2009, at 19:22, Mohacsi Janos wrote:

Would it help to require a < 1024 port? On Unix-derived system youhave to be root to be able to send those, so random applicationswouldn't be able to do this without some serious tricking of theuser.

I don't think so. Most of the Windows users using their systems asan Administrator. Administrator can do anything....

Does that mean an application can bind to a low port without thesystem throwing up some kind of yes/no choice? (Not that that'sperfect, but it's something.)

Anyway the bots are preferring some exotic port numbers orportnumber that is usually not firewalled: 80 and 443.

If a bot wants to receive incoming traffic on those ports it wouldhave to signal the CPE that it wants to be de-firewalled for thoseports.

(Not that malware spreads by listening on those ports, listening onports is _so_ 2003.)

Follow-Ups:
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Mohacsi Janos <mohacsi@niif.hu>
- RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: "Stark, Barbara" <bs7652@att.com>

References:
- I-D Action:draft-ietf-v6ops-cpe-simple-security-07.txt
  - From: Internet-Drafts@ietf.org
- R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: james woodyatt <jhw@apple.com>
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Yaron Sheffer <yaronf@checkpoint.com>
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
  - From: Mohacsi Janos <mohacsi@niif.hu>

Prev by Date: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Next by Date: Re: Tunnel MTU
Previous by thread: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
Next by thread: RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
Index(es):
- Date
- Thread